# yubihsm-go

Yubihsm-go is a minimal implementation of the securechannel and connector protocol of the YubiHSM2.
It also implements a simple SessionManager which keeps connections alive and swaps them if the maximum number of messages is depleted.

Currently the following commands are implemented:

* DeviceInfo
* Reset
* GenerateAsymmetricKey
* SignDataEddsa
* SignDataPkcs1
* PutAsymmetricKey
* GetPubKey
* DeriveEcdh
* Echo
* ChangeAuthenticationKey
* PutAuthenticationKey
* GetOpaque
* PutOpaque
* SignAttestationCertificate
* Authentication & Session related commands
* GetPseudoRandom

Implementing new commands is really easy. Please consult `commands/constructors.go` and `commands/response.go` for reference.

Please submit a PR if you have implemented new commands or extended existing constructors.

## Example of usage

```go
package main

import (
	"bytes"
	"errors"
	"fmt"

	// Import paths assume the module path github.com/certusone/yubihsm-go.
	yubihsm "github.com/certusone/yubihsm-go"
	"github.com/certusone/yubihsm-go/commands"
	"github.com/certusone/yubihsm-go/connector"
)

func main() {
	// Talk to a yubihsm-connector listening on localhost:1234.
	c := connector.NewHTTPConnector("localhost:1234")

	// Open a session with authentication key 1 and its password.
	sm, err := yubihsm.NewSessionManager(c, 1, "password", 2)
	if err != nil {
		panic(err)
	}

	echoMessage := []byte("test")

	command, err := commands.CreateEchoCommand(echoMessage)
	if err != nil {
		panic(err)
	}

	// The session manager encrypts the command over the secure channel.
	resp, err := sm.SendEncryptedCommand(command)
	if err != nil {
		panic(err)
	}

	// Responses come back as an interface; assert the concrete type before use.
	parsedResp, matched := resp.(*commands.EchoResponse)
	if !matched {
		panic("invalid response type")
	}

	if bytes.Equal(parsedResp.Data, echoMessage) {
		fmt.Println("successfully echoed data")
	} else {
		panic(errors.New("echoed message did not equal requested message"))
	}
}
```